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(54) Title: SITE CERTIHCATE SYSTEM 

(57) Abstract 

A site certificate system for use on the Inter- 
net (15) (as defined in the specification), said sys- 
tem comprising a certificate authority (11) adapted 
to issue site identifications (18) characteristic of a 
predetennined organisation (17). said certificate au- 
thority also being adapted to communicate widi a 
domain name server registry (12) thereby to issue 
non-compliance notifications and a revocation list 
(19) for use by the domain name server registry so 
as to indicate to a relying party (14) that said pre- 
determined organisation does not satisfy certain se- 
lected parameters; said selected parameters being un- 
der near continuous monitoring by said certificate au- 
thority. 
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SITE CERTIFICATE SYSTEM 

The present invention relates to a site certificate 
system and, more particularly^ to such system adapted for 
5 rapid and timely maintenance of authentication status of a 
site certificate adapted particularly for use on what is 
commonly known as the "Inteirnet", 

BACKGROUND 

10 The Internet may be described as a worldwide 

interconnection of computers all of which are adapted to 
communicate according to a common protocol currently the 
protocol is known as TCP/IP. 

Communication between computers according to this 

15 protocol takes place across a multitude of communication 
channels including the public switch telephone network 
(PSTN) and also more restricted channels. 

One problem with this form of communication system is 
that it can be difficult to ensure data integrity and 

20 confidentiality. Allied to this is the problem of identity 
of sources of data - that is how can a relying party be 
sure that the data it receives purporting to come from a 
particular computer site does, in fact, come from that 
site, come with the clear authority of the owner of the 

25 site, and, more particularly, that the owners of the site 
are who they purport to be. 
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A partial solution to this identity confirmation or 
authentication problem has come about by trusted third 
parties providing a secure electronic file which can be 
5 utilised to confirm site identity. 

A problem with this arrangement is that the trusted 
third party which issues the site identification upon which 
other parties then rely may, itself, not always have up to 
date information as to the status and identity of the 
10 owners of the site in respect of which the site 
identification is issued. 

It is an object of the present invention to address or 
alleviate this problem. 

15 BRIEF DESCRIPTION OF INVENTION 

The invention consists in a site certificate system 
for use on the Internet (as defined in the specification) , 
said system comprising a certificate authority adapted to 
issue site identifications characteristic of a 

20 predetermined organisation, said certificate authority also 
being adapted to communicate with a domain name server 
registry thereby to issue a revocation notification to the 
domain name server registry and update a revocation list 
for use by the domain name server registry so as to 

25 indicate to a relying party that said predetermined 
organisation does not satisfy certain selected parameters; 
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said selected parameters being under near continuous 
monitoring by said certificate authority. 

BRIEF DESCRIPTION OF DRAWINGS 

One embodiment of the invention will now be described 
with reference to the accompanying drawing wherein: 

Fig. 1 is a block diagram of a site certificate system 
according to a first embodiment of the invention. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT 

With reference to Fig. 1 there is shown, in block 
diagram form, components of a site identification system 
15 adapted to co-operate in accordance with a first embodiment 
of the invention. 

The site certificate system 10 includes a Certificate 
Authority (CA) 11, a domain name server (DNS) 12, a first 
organisation server 13 and a relying party 14. 
20 In this embodiment each of the sites 11, 12, 13, 14 is 

adapted to communicate over the Internet 15 by way of 
computer interface. 

In use, a computer 16 of relying party 14 will place a 
query onto the Internet seeking the address of first 
25 organisation server 13. A domain name server 12 will match 
the name of the organisation 17 with an Internet address of 
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first organisation server 13 following which a data 
connection over Internet 15 will be established between 

computer 16 of relying party 14 and first organisation 
5 server 13 of organisation 17. 

As part of the establishment of the data connection 
the site identification 18 residing on first organisation 
server 13 will be interrogated by computer 16 for the 
purposes of: 

10 1. Authenticating the identity of first organisation 
server 13; and 

2. Providing an encryption key for the purposes of 
encrypting the data stream passing between computer 16 of 
relying party 14 and first organisation server 13 of 
15 organisation 17. 

The site identification 18 is issued by certificate 
authority 11, the certificate authority 11 being a trusted 
third party. 

Having interrogated the site identification 18 
20 computer 16 of the relying party 14 may then proceed with 
data interchange over the Internet 15 between computer 16 
and first organisation server 13 with a higher level of 
confidence than would othearwise be the case that: 

1. First organisation server 13 is under the control and 
25 sponsorship of organisation 17; and 

2. Data sent to and derived from first organisation 13 
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will not be able to be decoded by any other parties having 
access to the Internet 15. 

In this embodiment certificate authority 11 maintains 
a near continuous monitoring of selected parameters 

5 pertaining to identity, ownership and financial status of 
organisation 17 whereby, should one or more of those 
parameters change in a way which would indicate that site 
identification 18 no longer reflects correctly the 
identity, ownership or financial status of organisation 17 

10 then the certificate authority 11 lists the site 
identification 18 as no longer valid and takes steps to 
notify the domain name server 12 to re-route enquiries made 
over the Internet in relation to the domain name of first 
organisation server to a page which indicates that the site 

15 ID 18 of organisation 17 has been revoked. The revocation 
list 19 published by the certificate authority 11 resides 
on certificate authority 11, The domain name server may 
also redirect queries concerning organisation 17 to the 
computer upon which the revocation list 19 resides. 

20 In this matter relying party 14 can be confident to a 

higher level than heretofore that a communication with 
first organisation server 13 over Internet 15 is a 
communication with a site which has the sponsorship and 
approval of organisation 17 and that organisation 17 is in 

25 a position to provide the sponsorship and/or approval with 
reference to the selected parameters which,' in this 



wo 00/51039 



PCT/AU99/01173 



6 



instance, comprise identity, ownership and financial 
status . 

The above describes only one embodiment of the present 
invention and modifications, obvious to those skilled in 
5 the art, can be made thereto without departing from the 
scope and spirit of the present invention. 
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CLAIMS 

1. A site certificate system for use on the Internet (as 
defined in the specification) , said system comprising a 

5 certificate authority adapted to issue site identifications 
characteristic of a predetermined organisation, said 
certificate authority also being adapted to communicate 
with a domain name server registry thereby to issue non- 
compliance notifications and a revocation list for use by 

10 the domain name server registry so as to indicate to a 
relying party that said predetermined organisation does not 
satisfy certain selected parameters; said selected 
parameters being under near continuous monitoring by said 
certificate authority. 

15 2. The site certificate system of Claim 1 wherein said 
selected parameters comprise one or more of identity, 
ownership and financial status. 

3. The site certificate system of Claim 1 or Claim 2 
wherein said step of . near continuous monitoring comprises 
20 monitoring on a daily basis. 
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